I am a little disappointed; does no one use Archiva in an environment where 
central authentication and disaster recovery are regarded as important?

Or perhaps this is the wrong mailing list?

Or perhaps I'm looking at the wrong documents?

The security.properties file itself offers no hints.
The comments/hints in application.xml seemed to help, but it doesn't give 
everything that's needed (apparently).

A google search for: archiva ldap
1) http://archiva.apache.org/redback/integration/ldap.html is out of date with 
the files being shipped with Archiva.
2) 
https://cwiki.apache.org/ARCHIVA/howto-configure-usermanagement-with-ldap.html 
is missing the actual useful bits on the page, but talks about them a lot.
3) An LDAP thread from Oct 2008 on this mailing list talks about a lack of 
documentation, with a broken link to an example default config (which I managed 
to trace to the new repo but that didn't help)
4) A bug report where steps similar to mine are reported, but which was closed 
without addressing the actual issue, the only comment being "admin account was 
locked" - but with LDAP enabled there doesn't appear to be an unlock option.
etc.

I'm at a loss here; I'm a system administrator - not a dev.

Anyone feel like giving me some hints?

- chris

-----Original Message-----
From: Chris Jacobs [mailto:[email protected]]
Sent: Thursday, May 03, 2012 4:54 PM
To: [email protected]
Subject: RE: LDAP authentication

I have managed some success by adding the lines to security.properties:

redback.default.admin=archiva-admin (a real ldap account) 
redback.default.guest=archiva-guest (a real ldap account)

However, if I start with that config from the start, I am unable to login as 
the archiva-admin account (even if I set it to other names which don't exist in 
LDAP).

I've found I can work around it by:
Install clean
Add ONLY the redback.default.admin line above
Start Archiva
Open page, complete admin form.
On the following ridiculous page, it requests that I now CHANGE the password.  
Pffft.
Stop Archiva
Put the security.properties and application.xml files as below into place - 
with the addition of the two redback lines above, and then start archiva.

And things work.

Problem: This kind of setup procedure is untenable from a repeatable system 
build (disaster recovery is important yo) perspective.

I suspect that my configs are off somewhere where I'm unable to login as the 
archiva-admin LDAP account - if I'm able to resolve this issue without having 
to play config file musical chairs, I'll be golden.

Thoughts?

Thanks,
- chris

-----Original Message-----
From: Chris Jacobs [mailto:[email protected]]
Sent: Thursday, May 03, 2012 11:27 AM
To: [email protected]
Subject: LDAP authentication

Hello,

The documentation I've seen for configuring authentication via LDAP is sparse, 
inconsistent, and out of date (Redback), so before I even go into the details 
of my problem I'll grant that I may have missed something important.

I'm using the current/latest stable release of Archiva's Standalone, 1.3.5.

Here are the changes I've made from the default configuration (I haven't even 
tried to bring the config and DBs from our existing 1.2.2 Archiva instance).

Diff against source of 
archiva/apps/archiva/WEB-INF/classes/org/apache/maven/archiva/security.properties:
(cleaned of actual DNS and DN path)
----------------------------------------------
28,41d27
<
< ldap.config.hostname=ldap-vip.example.net
< ldap.config.port=389
< ldap.config.base.dn=ou=people,dc=example,dc=net
< ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
<
< ldap.config.mapper.attribute.email=mail
< ldap.config.mapper.attribute.fullname=cn
< ldap.config.mapper.attribute.password=userPassword
< ldap.config.mapper.attribute.user.id=uid
< ldap.config.mapper.attribute.user.base=ou=people,dc=example,dc=net
< ldap.config.mapper.attribute.user.object.class=inetOrgPerson
<
< ldap.bind.authenticator.enabled=true
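Review bot: with ldap.bind.authenticator.enabled=true on ldap.config.port=389, every Archiva login becomes an LDAP simple bind carrying the user's password to ldap-vip.example.net, and on port 389 that bind is cleartext unless StartTLS is negotiated; confirm what the directory enforces before real credentials go through this path (the same applies to the userPassword mapping, which names the attribute but changes nothing about transport). Two smaller things for anyone copying the block: the `<` lines are the additions (the diff was taken with the edited file first, so `28,41d27` reads as a deletion but isn't), and the base DN is cleaned to dc=example,dc=net here while the archiva.log excerpt further down still shows the real one.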
----------------------------------------------

Diff against source of 
archiva/apps/archiva/WEB-INF/classes/META-INF/plexus/application.xml:
(cleaned of actual DNS and DN path)
----------------------------------------------
257c257
<     <component>
---
>     <!-- component>
266c266
<     </component>
---
>     </component-->
291c291
<     <component>
---
>     <!-- component>
296,297c296,297
<         <email-attribute>mail</email-attribute>
<         <full-name-attribute>cn</full-name-attribute>
---
>         <email-attribute>email</email-attribute>
>         <full-name-attribute>givenName</full-name-attribute>
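Review bot: mail and cn are the right choices for an inetOrgPerson directory; the shipped template's values would not match, since `email` is not an inetOrgPerson attribute and `givenName` holds only the first name, not the full name. These two elements duplicate ldap.config.mapper.attribute.email and ldap.config.mapper.attribute.fullname in security.properties, so keep the pairs identical when either file is edited.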
300c300
<         <user-base-dn>ou=people,dc=example,dc=net</user-base-dn>
---
>         <user-base-dn>o=com</user-base-dn>
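Review bot: this user-base-dn is now the third copy of the same DN (ldap.config.base.dn and ldap.config.mapper.attribute.user.base carry it in security.properties); the shipped `o=com` placeholder would never match a search, and a later edit that changes one copy but not the others fails only at lookup time, so treat the three as one setting.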
308c308
<     </component>
---
>     </component-->
----------------------------------------------

I can authenticate as admin just fine; when I authenticate as an LDAP user, I 
see in the logs:
----------------------------------------------
==> wrapper.20120503.log <==
INFO   | jvm 1    | 2012/05/03 16:34:48 | 2012-05-03 16:34:47.992::WARN:  
/archiva/security/login.action
INFO   | jvm 1    | 2012/05/03 16:34:48 | java.lang.NullPointerException
INFO   | jvm 1    | 2012/05/03 16:34:48 |       at 
org.codehaus.plexus.redback.struts2.action.LoginAction.webLogin(LoginAction.java:341)
INFO   | jvm 1    | 2012/05/03 16:34:48 |       at 
org.codehaus.plexus.redback.struts2.action.LoginAction.login(LoginAction.java:133)
(continues, snipped)
----------------------------------------------
==> archiva.log <==
2012-05-03 16:34:47,940 [btpool0-3] WARN  
org.codehaus.plexus.redback.authentication.users.UserManagerAuthenticator  - 
Login for user csjacobs failed. user not found.
2012-05-03 16:34:47,942 [btpool0-3] INFO  
org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator  - 
Searching for users with filter: '(&(objectClass=inetOrgPerson)(uid=csjacobs))' 
from base dn: ou=people,dc=unix,dc=aptimus,dc=net
2012-05-03 16:34:47,978 [btpool0-3] INFO  
org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator  - Found 
user?: true
2012-05-03 16:34:47,980 [btpool0-3] INFO  
org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator  - 
Attempting Authenication: + uid=csjacobs,ou=people,dc=unix,dc=aptimus,dc=net
----------------------------------------------

And in my browser:
----------------------------------------------
HTTP ERROR 500

Problem accessing /archiva/security/login.action. Reason:

    INTERNAL_SERVER_ERROR
Caused by:

java.lang.NullPointerException
        at 
org.codehaus.plexus.redback.struts2.action.LoginAction.webLogin(LoginAction.java:341)
        at 
org.codehaus.plexus.redback.struts2.action.LoginAction.login(LoginAction.java:133)
(continues, snipped)
----------------------------------------------

And most disturbingly, further attempts to open any page in archiva result in 
a similar error, even when I attempt to go to the logout url directly, but 
that's due to the account I've attempted to login as. When I open archiva in 
another browser, I can open archiva without difficulty.

Any information, assistance, etc, would be greatly appreciated.

Thanks,
- chris

Chris Jacobs
Systems Administrator, Technology Services Group

Apollo Group  |  Apollo Marketing & Product Development  |  Aptimus, Inc.
1501 4th Ave  |  Suite 2500  |  Seattle, WA 98101 direct 206.839.8245  |  cell 
206.601.3256  |  Fax 206.644.0628
email: [email protected]


This message is private and confidential. If you have received it in error, 
please notify the sender and remove it from your system.
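The message above edits the same LDAP settings in two files (security.properties and the plexus application.xml), and the shipped application.xml carries placeholder values that are easy to leave behind. The script below is an added example for this thread, not Archiva or Redback code: it reads both files, checks that the paired values agree, reports an LDAP component that is still commented out, and flags the cleartext bind. The pairing of property keys to XML elements (email to email-attribute, fullname to full-name-attribute, user.base to user-base-dn) is assumed from the values in the two diffs, "port 389 means no StartTLS" is assumed, and both sample inputs are constructed from the values posted, not taken from a real install.

```python
"""Cross-check the LDAP settings Archiva 1.3.x keeps in two places:
security.properties and the plexus application.xml.

Added example for this thread, not Archiva or Redback code.  Assumptions:
property keys and XML elements are paired as they appear in the two diffs
(email <-> <email-attribute>, fullname <-> <full-name-attribute>,
user.base <-> <user-base-dn>), and plain port 389 means no StartTLS.
Both sample inputs below are constructed from the values in the thread."""
import re
import xml.etree.ElementTree as ET

# Property key -> element expected to carry the same value in application.xml
PAIRS = {
    "ldap.config.mapper.attribute.email": "email-attribute",
    "ldap.config.mapper.attribute.fullname": "full-name-attribute",
    "ldap.config.mapper.attribute.user.base": "user-base-dn",
}

# Constructed: the security.properties additions from the first diff.
SECURITY_PROPERTIES = """\
ldap.config.hostname=ldap-vip.example.net
ldap.config.port=389
ldap.config.base.dn=ou=people,dc=example,dc=net
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory

ldap.config.mapper.attribute.email=mail
ldap.config.mapper.attribute.fullname=cn
ldap.config.mapper.attribute.password=userPassword
ldap.config.mapper.attribute.user.id=uid
ldap.config.mapper.attribute.user.base=ou=people,dc=example,dc=net
ldap.config.mapper.attribute.user.object.class=inetOrgPerson

ldap.bind.authenticator.enabled=true
"""

_PROP_RE = re.compile(r"^\s*([^=:\s]+)\s*[=:]\s*(.*?)\s*$")


def parse_properties(text):
    """Minimal java.util.Properties reader: key=value or key: value, first
    separator wins (DN values contain '=' themselves); # and ! are comments."""
    props = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", "!")):
            continue
        m = _PROP_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def app_xml(email, fullname, base_dn, commented_out=False):
    """Constructed skeleton of application.xml holding only the elements the
    check reads.  commented_out=True mimics the shipped file, where the whole
    LDAP <component> sits inside an XML comment."""
    component = (
        "<component><configuration>"
        f"<email-attribute>{email}</email-attribute>"
        f"<full-name-attribute>{fullname}</full-name-attribute>"
        f"<user-base-dn>{base_dn}</user-base-dn>"
        "</configuration></component>"
    )
    if commented_out:
        component = f"<!-- {component} -->"
    return f"<plexus><components>{component}</components></plexus>"


def xml_settings(text):
    """Values of the paired elements.  ElementTree drops XML comments, so a
    component that is still commented out simply does not show up."""
    root = ET.fromstring(text)
    found = {}
    for tag in PAIRS.values():
        el = root.find(f".//{tag}")
        if el is not None:
            found[tag] = (el.text or "").strip()
    return found


def check(props_text, xml_text):
    """Return a list of findings; empty means the files agree and nothing
    security-relevant was noticed."""
    props = parse_properties(props_text)
    xml = xml_settings(xml_text)
    findings = []
    for key, tag in PAIRS.items():
        pval, xval = props.get(key), xml.get(tag)
        if pval is None:
            findings.append(f"security.properties: {key} not set")
        if xval is None:
            findings.append(f"application.xml: <{tag}> not found "
                            "(LDAP component still commented out?)")
        elif pval is not None and pval != xval:
            findings.append(f"mismatch: {key}={pval} but <{tag}>{xval}</{tag}>")
    base = props.get("ldap.config.base.dn")
    ubase = props.get("ldap.config.mapper.attribute.user.base")
    if base and ubase and base != ubase:
        findings.append(f"mismatch: ldap.config.base.dn={base} but user.base={ubase}")
    if (props.get("ldap.bind.authenticator.enabled", "").lower() == "true"
            and props.get("ldap.config.port") == "389"):
        findings.append("cleartext: bind authenticator enabled on port 389; each "
                        "login sends the user's password in a simple bind, "
                        "unencrypted unless StartTLS is negotiated (assumed not)")
    return findings


if __name__ == "__main__":
    cases = [
        ("shipped, still commented out", app_xml("email", "givenName", "o=com", True)),
        ("shipped, uncommented as-is", app_xml("email", "givenName", "o=com")),
        ("edited as in the thread", app_xml("mail", "cn", "ou=people,dc=example,dc=net")),
    ]
    for label, xml in cases:
        print(f"== {label}")
        for finding in check(SECURITY_PROPERTIES, xml) or ["ok"]:
            print("  ", finding)
```

Run against a real install by reading the two files under archiva/apps/archiva/WEB-INF/classes/ instead of the constructed strings; the only finding left for the edited configuration in the thread is the cleartext bind on port 389, which is a decision for the directory side rather than something Archiva's config can fix on its own.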
